US charges Ukrainian for SEC 2016 hack, others for insider trading

US authorities charged today a Ukrainian national with hacking the US Securities Exchange Commission, stealing private corporate data, and passing it to others who then profited from this information by engaging in insider trading.

The hacker charged with these crimes is Oleksandr Ieremenko, 26, of Kiev, Ukraine, a suspect also charged and found guilty of hacking three press release newswire services between February 2010 and November 2014 [1, 2].

According to an indictment filed today by the US Department of Justice, after the newswire hacks, Ieremenko continued his hacking spree by targeting the SEC’s EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system, a database holding information on official company filings, future announcements, and past financial records.

US authorities say that sometime in February 2016, Ieremenko gained access to the SEC’s EDGAR system by using “directory traversal attacks, phishing attacks, and infecting computers with malware.”

Court documents reveal the hacker targeted and gained access to the SEC EDGAR test filing system, an application that lets companies upload test files and see if the SEC filing system works as intended.

While some companies used non-sensitive files to test the SEC filing system, others used documents containing sensitive information, which Ieremenko stole and uploaded to a server under his control in Lithuania.

In a press release published in September 2017, when the SEC disclosed the hack, the agency that it detected the intrusion in May 2016 and immediately closed the vulnerability exploited by the hacker.

However, in a new press release today, the SEC says Ieremenko somehow persisted on its network and continued to siphon off documents until March 2017.

The DOJ says the hacker worked with Artem Radchenko, 27, also of Kiev, Ukraine, who they also charged today in a joint 16-count criminal complaint.

DOJ officials said Radchenko “recruited to the scheme traders who were provided with the stolen test filings so they could profit by trading on the information before the investing public.”

However, an investigation into the newswire hacks by Ukrainian journalist Isobel Koshiw revealed that Ieremenko and Radchenko weren’t “partners” in the scheme.

According to her investigation, published in The Verge, Ieremenko hacked at Radchenko’s behest “under threat of violence” and might have never actually profited from the hacks, with all the money going to Radchenko and the trader partners.

According to a press release from the SEC filed today, Radchenko distributed the stolen SEC EDGAR test filings to six other individuals and two other companies in the US, Ukraine, and Russia.

“In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits,” the SEC said.

Image: SEC

Both Ieremnko and Radchenko are still at large. If arrested, extradited, trialed, and found guilty, they risk tens of years behind bars.

According to Koshiw’s investigation, after the SEC EDGAR hack, Ieremenko might have moved to Russia.